Facebook Removes Exposed User Data on Amazon's Servers

Facebook Removes Exposed User Data on Amazon's Servers

Facebook Removes Exposed User Data on Amazon's Servers

What's Facebook doing about it? On the plus side, the data was removed from the Amazon server while UpGuard's researchers were poking around in it, and before they had a chance to notify anyone. UpGuard found 100,000 open Amazon-hosted databases for various types of data, some of which it expects aren't supposed to be public.

Both data sets were found stored in an unsecured Amazon S3 bucket and could be accessed by virtually anyone.

"Facebook's policies prohibit storing Facebook information in a public database", explains a spokesperson.

Facebook said it worked with Amazon to take down the database.

How much data do these buckets contain?

Cultura Colectiva did not immediately respond to a request for comment. At the Pool's data was taken offline during the investigation. This database contained the backup information like fb_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, and passwords, according to UpGuard. Sources are accusing Facebook of inappropriately sharing users' data with third parties.

"The data genie can not be put back in the bottle".

Facebook's woes, as far as security and user privacy are concerned, continue to grow.

Last year, Facebook started an audit of thousands of apps and suspended hundreds until they could make sure they weren't mishandling user data.

Well, it's hard to say.

You don't reuse passwords across sites, do you? As UpGuard says, the data genie can not be put back in the bottle.

'These two situations speak to the inherent problem of mass information collection: the data doesn't naturally go away, and a derelict storage location may or may not be given the attention it requires. UpGuard doesn't know how long they were exposed, as the database became inaccessible while the company was looking into it.

And more recently, security experts noticed that Facebook allows other users to look up your profile using those numbers, too.

UpGuard argues that, while the two third-party developers are responsible for the breaches themselves, Facebook can not escape blame.

Tim Mackey, Technology Evangelist - Software Integrity Group, Synopsys, had this to say about the current Facebook lapse: "Under GDPR Article 7, consent for the collection of personal data must be unambiguous and for a defined objective". "This should offer little consolation to the app's end users whose names, passwords, email addresses, Facebook IDs, and other details were openly exposed for an unknown period of time".

But the fact that such a vast, full cache of sensitive personal information could have been accessed by anyone online raises fresh questions about Facebook's efforts to protect its users' privacy.

But this week UpGuard's Cyber Risk team revealed in a blog posting that it had found public databases on Facebook users.

Noticias relacionadas

[an error occurred while processing the directive]